[SECURITY] [DSA 6066-1] gnome-shell-extension-gsconnect security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6066-1] gnome-shell-extension-gsconnect security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 30 Nov 2025 15:12:59 +0000
Message-id: <[🔎] aSxe-yzZVPqBinO8@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6066-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 30, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnome-shell-extension-gsconnect
CVE ID         : CVE-2025-66270

It was discovered that missing validation of the device ID during
handshakes in KDE Connect, a tool to integrate smart phones to a
desktop, could allow an attacker to impersonate another device.

The oldstable distribution (bookworm) is not affected.

For the stable distribution (trixie), this problem has been fixed in
version 62-1+deb13u1.

We recommend that you upgrade your gnome-shell-extension-gsconnect packages.

For the detailed security status of gnome-shell-extension-gsconnect please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell-extension-gsconnect

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmksXgEACgkQEMKTtsN8
TjajIA/9Fuh/3+G6VfR+nChVLYCCyaOSbth91O4oKeR2cY3sRmPBfbVOOs/S7vkR
lXDy3Q1BDM1vOxWxIFqHgkS1GS1EZd62rlfMlnQgQroJHpntzr3upItQXCtZdpoh
1AXgDAW0L0WKNnhYPzAbGi45RJduh6BBYhR4NJww0X+KLvjRgVT/btka7wCx68Ac
5Cv4Lnj3JFzYCQKnP6Jg9nMOvNHOw1vUGfK3OqzZcJjWlgysA3UX1WPp2Pf8oxXg
v64YKMZdclgTSEKE4CqzicaQF54RFP3jEC8PdhLlMLMJ6KwTfXvI4WT4RrIN0XhH
2hHFbE69pKgTLXKeJ8R9JIIkMLE8Bh1Sa7e/erp0/Vd2iUGDxfzyBD6NWl7mRUHL
SoSMbE+6hiJ0X/1jxb2C1OT+rfG88qw9p1HZ2ygu48ZmmGEqRNWohcj+b5r++xLs
xt/5XIcU+S/2pswoa6Cp6KDFX3o49Q5kaQJIac/UogzvcCGuXpbcp8YXQDS9XaIi
kkSg0zWmtfzWekhvLGzWxdPr7K7ERdXlmu/9OgVxdbZygl8h9TWybrBrXssP+r+K
DALpWo0T6/RYy8h5pkEJgcdhdhijOkoMkIYBANCcZM5J8kwE/7hWCFVvqtkg2r33
ARVFf9N1J4l32iSQ2y9Cw7tS3D1Eig7ulYxWA7KMxyrKAZwhSoY=
=wN4x
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6065-1] krita security update
Next by Date: [SECURITY] [DSA 6067-1] containerd security update
Previous by thread: [SECURITY] [DSA 6065-1] krita security update
Next by thread: [SECURITY] [DSA 6067-1] containerd security update
Index(es):
- Date
- Thread